Import translated manuals from JM CVS Repository.

[linuxjm/iptables.git] / draft / man3 / libipq.3

.\"O .TH LIBIPQ 3 "16 October 2001" "Linux iptables 1.2" "Linux Programmer's Manual" 
.TH LIBIPQ 3 "16 October 2001" "Linux iptables 1.2" "Linux Programmer's Manual" 
.\"
.\" $Id: libipq.3,v 1.4 2001/10/16 16:58:25 jamesm Exp $
.\"
.\"     Copyright (c) 2000-2001 Netfilter Core Team
.\"
.\"     This program is free software; you can redistribute it and/or modify
.\"     it under the terms of the GNU General Public License as published by
.\"     the Free Software Foundation; either version 2 of the License, or
.\"     (at your option) any later version.
.\"
.\"     This program is distributed in the hope that it will be useful,
.\"     but WITHOUT ANY WARRANTY; without even the implied warranty of
.\"     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
.\"     GNU General Public License for more details.
.\"
.\"     You should have received a copy of the GNU General Public License
.\"     along with this program; if not, write to the Free Software
.\"     Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
.\"
.\" Japanese Version Copyright (c) 2003 Susumu ISHIZUKA
.\"         all rights reserved.
.\" Translated Tue Jun  6 19:25:23 JST 2003
.\"         by Susumu ISHIZUKA <szuka@isp.co.jp>
.\"
.\"WORD:        userspace       ¥æ¡¼¥¶¶õ´Ö
.\"WORD:        verdict         ȽÃÇ
.\"O .SH NAME
.SH ̾Á°
libipq \- iptables userspace packet queuing library.
.\"O .SH SYNOPSIS
.SH ½ñ¼°
.B #include <linux/netfilter.h>
.br
.B #include <libipq.h>
.\"O .SH DESCRIPTION
.SH ÀâÌÀ
.\"O libipq is a development library for iptables userspace packet queuing.
libipq ¤Ï iptables ¤ò »È¤Ã¤Æ ¥æ¡¼¥¶¶õ´Ö¤Ç¥Ñ¥±¥Ã¥ÈÁàºî¤ò
¤¹¤ë¤¿¤á¤Î¥é¥¤¥Ö¥é¥ê¤Ç¤¢¤ë¡£
.SS Userspace Packet Queuing
.\"O Netfilter provides a mechanism for passing packets out of the stack for
.\"O queueing to userspace, then receiving these packets back into the kernel
.\"O with a verdict specifying what to do with the packets (such as ACCEPT
.\"O or DROP).  These packets may also be modified in userspace prior to
.\"O reinjection back into the kernel.
Netfilter ¤Ï¡¢¥æ¡¼¥¶¶õ´Ö¤Ç¥Ñ¥±¥Ã¥ÈÁàºî¤ò¤¹¤ë¤¿¤á¤Îµ¡¹½¤ò 
Ä󶡤·¤Æ¤¤¤ë¡£ ¤³¤Îµ¡¹½¤Ï¥×¥í¥È¥³¥ë¥¹¥¿¥Ã¥¯¤«¤é¥Ñ¥±¥Ã¥È¤ò 
¥æ¡¼¥¶¶õ´Ö¤ËÅϤ·¤Æ¥­¥å¡¼¥¤¥ó¥°(queuing) ¤·¡¢¥æ¡¼¥¶¶õ´Ö¤Ç 
(ACCEPT ¤ä DROP ¤È¤¤¤Ã¤¿) ¥Ñ¥±¥Ã¥È½èÍý¤ÎȽÃǤò¹Ô¤Ã¤¿¸å¤Ë
¥Ñ¥±¥Ã¥È¤ò¥«¡¼¥Í¥ë¤ËÌᤷ¤Æ¤¤¤ë¡£ ¤³¤ì¤é¤Î¥Ñ¥±¥Ã¥È¤Ï¡¢ 
¥æ¡¼¥¶¶õ´Ö¤ÇÊѹ¹¤ò²Ã¤¨¤é¤ì¤Æ¡¢¥«¡¼¥Í¥ë¤ËÊÖ¤µ¤ì¤ë¤³¤È¤â¤¢¤ë¡£ 
.PP
.\"O For each supported protocol, a kernel module called a
.\"O .I queue handler
.\"O may register with Netfilter to perform the mechanics of passing
.\"O packets to and from userspace.
¥æ¡¼¥¶¶õ´Ö¤È¤Î¥Ñ¥±¥Ã¥È¤Î¤ä¤ê¼è¤ê¤Î¤¿¤á¤Ë
.I ¥­¥å¡¼¥Ï¥ó¥É¥é¡¼ (queue handler)
¤È¸Æ¤Ð¤ì¤ë¥«¡¼¥Í¥ë¥â¥¸¥å¡¼¥ë¤¬ 
Netfilter ¤ËÅÐÏ¿¤µ¤ì¤Æ¤¤¤ë¡£ 
¥­¥å¡¼¥Ï¥ó¥É¥é¡¼¤Ï¡¢³Æ¥×¥í¥È¥³¥ë¤´¤È¤Ë ÍÑ°Õ¤µ¤ì¤ë¡£
.PP
.\"O The standard queue handler for IPv4 is ip_queue.  It is provided as an
.\"O experimental module with 2.4 kernels, and uses a Netlink socket for
.\"O kernel/userspace communication.
IPv4 ¤Ç¤Î ɸ½à¤Î¥­¥å¡¼¥Ï¥ó¥É¥é¡¼¤Ï ip_queue ¤Ç¤¢¤ë¡£ 
2.4¥«¡¼¥Í¥ë¤Ç¤Ï experimental ¥â¥¸¥å¡¼¥ë¤È¤·¤ÆÄ󶡤µ¤ì¡¢
Netlink ¥½¥±¥Ã¥È¤ò»È¤Ã¤Æ¡¢¥«¡¼¥Í¥ë¤È¥æ¡¼¥¶¶õ´Ö¤È¤ÎÄÌ¿®¤ò
¹Ô¤Ã¤Æ¤¤¤ë¡£ 
.PP
.\"O Once ip_queue is loaded, IP packets may be selected with iptables
.\"O and queued for userspace processing via the QUEUE target.  For example,
.\"O running the following commands:
ip_queue ¤¬¡¢¥á¥â¥ê¾å¤Ë¥í¡¼¥É¤µ¤ì¤ë¤È IP ¥Ñ¥±¥Ã¥È¤Ï iptables ¤Ç
¥Õ¥£¥ë¥¿¥ê¥ó¥°¤µ¤ì QUEUE ¥¿¡¼¥²¥Ã¥È¤Ë¤è¤Ã¤Æ ¥æ¡¼¥¶¶õ´Ö¤Î ½èÍý¤Î¤¿¤á¤Ë
¥­¥å¡¼¥¤¥ó¥°¤µ¤ì¤ë¡£ Îã¤È¤·¤Æ ¼¡¤Î°ìÏ¢¤Î ¥³¥Þ¥ó¥É¤¬È¯¹Ô¤µ¤ì¤ë¤È¡¢
.PP
        # modprobe iptable_filter
.br     
        # modprobe ip_queue
.br     
        # iptables -A OUTPUT -p icmp -j QUEUE
.PP
.\"O will cause any locally generated ICMP packets (e.g. ping output) to
.\"O be sent to the ip_queue module, which will then attempt to deliver the
.\"O packets to a userspace application.  If no userspace application is waiting,
.\"O the packets will be dropped
¥í¡¼¥«¥ë¥Û¥¹¥È¤«¤éÁ÷¿®¤µ¤ì¤¿ICMP¥Ñ¥±¥Ã¥È¡Êping¤ÎÁ÷¿®¤Ê¤É¡Ë¤¬
ip_queue¥â¥¸¥å¡¼¥ë¤ËÁ÷¤é¤ì¡¢¤½¤³¤«¤é¥Ñ¥±¥Ã¥È¤ò¥æ¡¼¥¶¶õ´Ö¤Î
¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤ËÅϤ½¤¦¤È¤¹¤ë¡£ ¥Ñ¥±¥Ã¥È¤ò¼õ¤±¼è¤ë
¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤¬¤Ê¤¤¾ì¹ç¤Ï¡¢¥Ñ¥±¥Ã¥È¤ÏÇË´þ¡Êdrop¡Ë¤µ¤ì¤ë¡£ 
.PP
.\"O An application may receive and process these packets via libipq.
¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤Ï¡¢libipq ¤ò»È¤¦¤³¤È¤Ç¥Ñ¥±¥Ã¥È¤ò¼õ¿®¡¦
Êѹ¹¤Ç¤­¤ë¡£ 
.PP
.PP
.SS Libipq Overview
.\"O Libipq provides an API for communicating with ip_queue.  The following is
.\"O an overview of API usage, refer to individual man pages for more details
.\"O on each function.
libipq ¤Ï¡¢ip_queue ¤ÈÄÌ¿®¤¹¤ë¤¿¤á¤Î API ¤òÄ󶡤¹¤ë¡£ 
°Ê²¼¤Ï¡¢API ¤Î´Êñ¤ÊÀâÌÀ¤Ç¤¢¤ë¡£ ´Ø¿ô¤Î¾ÜºÙ¤Ï³Æ manpage ¤ò
»²¾È¤¹¤ë¤³¤È¡£ 
.\P
.\"O .B Initialisation
.B ½é´ü²½
.br
.\"O To initialise the library, call
.\"O .BR ipq_create_handle (3).
.\"O This will attempt to bind to the Netlink socket used by ip_queue and
.\"O return an opaque context handle for subsequent library calls.
½é´ü²½¤ò¹Ô¤¦¤Ë¤Ï¡¢
.BR ipq_create_handle (3)
¤ò»ÈÍѤ¹¤ë¡£ 
¤³¤Î´Ø¿ô¤Ï ip_queue ¤¬»ÈÍѤ·¤Æ¤¤¤ë Netlink ¥½¥±¥Ã¥È¤ò bind
¤·¡¢¤³¤Î¸å¤Î¥é¥¤¥Ö¥é¥ê´Ø¿ô¤¬»ÈÍѤ¹¤ë¥³¥ó¥Æ¥­¥¹¥È¥Ï¥ó¥É¥ë¤ò
ÊÖ¤¹¡£ 
.PP
.\"O .B Setting the Queue Mode
.B ¥­¥å¡¼¥â¡¼¥É¡Êqueue mode¡Ë¤ÎÀßÄê
.br
.\"O .BR ipq_set_mode (3)
.\"O allows the application to specify whether packet metadata, or packet
.\"O payloads as well as metadata are copied to userspace.  It is also used to
.\"O initially notify ip_queue that an application is ready to receive queue
.\"O messages.
.BR ipq_set_mode (3)
¤Ï¡¢¥æ¡¼¥¶¶õ´Ö¤Ë¥Ñ¥±¥Ã¥È¤Î¥á¥¿¥Ç¡¼¥¿¤À¤±¤ò
¥³¥Ô¡¼¤¹¤ë¤Î¤«¡¢¥Ñ¥±¥Ã¥È¤Î¥á¥¿¥Ç¡¼¥¿¤È¥Ú¥¤¥í¡¼¥É¤ÎξÊý¤ò
¥³¥Ô¡¼¤¹¤ë¤Î¤«»ØÄꤹ¤ë¡£¤³¤Î´Ø¿ô¤Ï¤Þ¤¿ ip_queue ¤Ë
¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤¬¥­¥å¡¼¥á¥Ã¥»¡¼¥¸ (queue message)¤ò¼õ¤±
¼è¤ë½àÈ÷¤¬¤Ç¤­¤¿¤³¤È¤òÄÌÃΤ¹¤ë¡£ 
.PP
.\"O .B Receiving Packets from the Queue
.B ¥­¥å¡¼¤«¤é¥Ñ¥±¥Ã¥È¤ò¼õ¿®¤¹¤ë
.br
.\"O .BR ipq_read (3)
.\"O waits for queue messages to arrive from ip_queue and copies
.\"O them into a supplied buffer.
.\"O Queue messages may be
.\"O .I packet messages
.\"O or
.\"O .I error messages.
.BR ipq_read (3)
´Ø¿ô¤Ï ip_queue ¤«¤é¤Î¥­¥å¡¼¥á¥Ã¥»¡¼¥¸¤ò
ÂԤäơ¢¥Ð¥Ã¥Õ¥¡¤Ë¥³¥Ô¡¼¤¹¤ë¡£ ¥­¥å¡¼¥á¥Ã¥»¡¼¥¸¤Ï
.I ¥Ñ¥±¥Ã¥È ¥á¥Ã¥»¡¼¥¸
¤Þ¤¿¤Ï
.I ¥¨¥é¡¼¥á¥Ã¥»¡¼¥¸
¤Î¤É¤Á¤é¤« ¤Ç¤¢¤ë¡£
.PP
.\"O The type of packet may be determined with
.\"O .BR ipq_message_type (3).
¥Ñ¥±¥Ã¥È¤Î¥¿¥¤¥×¤Ï
.BR ipq_message_type (3)
¤Ç¼èÆÀ¤¹¤ë¡£
.PP
.\"O If it's a packet message, the metadata and optional payload may be retrieved with
.\"O .BR ipq_get_packet (3).
¥Ñ¥±¥Ã¥È¥á¥Ã¥»¡¼¥¸¤Î¾ì¹ç¤Ï¡¢¥á¥¿¥Ç¡¼¥¿¤È¥Ú¥¤¥í¡¼¥É¤ò
.BR ipq_get_packet (3)
´Ø¿ô¤Ç¼èÆÀ¤Ç¤­¤ë¡£ 
.PP
.\"O To retrieve the value of an error message, use
.\"O .BR ipq_get_msgerr (3).
¥¨¥é¡¼¥á¥Ã¥»¡¼¥¸¤ÎÃͤò¼èÆÀ¤¹¤ë¤Ë¤Ï¡¢
.BR ipq_get_msgerr (3)
¤ò »ÈÍѤ¹¤ë¡£
.PP
.\"O .B Issuing Verdicts on Packets
.B ¥Ñ¥±¥Ã¥È¤Î½èÍýÆâÍƤÎȯ¹Ô
.br
.\"O To issue a verdict on a packet, and optionally return a modified version
.\"O of the packet to the kernel, call
.\"O .BR ipq_set_verdict (3).
¥Ñ¥±¥Ã¥È¤Î½èÍý¤ò·èÄꤷ¡¢É¬Íפʤé¥Ñ¥±¥Ã¥È¤ËÊѹ¹¤ò²Ã¤¨¤Æ
¥«¡¼¥Í¥ë¤ËÊÖ¤¹»þ¤Ë¤Ï¡¢
.BR ipq_set_verdict (3)
¤ò»ÈÍѤ¹¤ë¡£
.PP
.\"O .B Error Handling
.B ¥¨¥é¡¼½èÍý
.br
.\"O An error string corresponding to the current value of the internal error
.\"O variable
.\"O .B ipq_errno
.\"O may be obtained with
.\"O .BR ipq_errstr (3).
¸½ºß¤Î¥¨¥é¡¼¾õÂÖ¤ò³ÊǼ¤·¤Æ¤¤¤ëÊÑ¿ô
.B ipq_errno
¤ËÂбþ¤¹¤ë
¥¨¥é¡¼Ê¸»úÎó¤Ï
.BR ipq_errstr (3).
¤Ç¼èÆÀ¤Ç¤­¤ë¡£
.PP
.\"O For simple applications, calling
.\"O .BR ipq_perror (3)
.\"O will print the same message as
.\"O .BR ipq_errstr (3),
.\"O as well as the string corresponding to the global
.\"O .B errno
.\"O value (if set) to stderr.
ñ½ã¤Ê¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤Ë»È¤¨¤ë´Ø¿ô¤È¤·¤Æ¡¢
.BR ipq_perror (3)
¤Ï¡¢
.BR ipq_errstr (3),
¤ÇÊÖ¤µ¤ì¤ë¤Î¤ÈƱ¤¸Ê¸»úÎó¤òɸ½à½ÐÎÏ (stderr) ¤Ë
½ÐÎϤ¹¤ë¡£ ¤Þ¤¿¡¢
.B errno
¤¬¥»¥Ã¥È¤µ¤ì¤Æ¤¤¤ì¤Ð
¤½¤ì¤ËÂбþ¤¹¤ë¥¨¥é¡¼Ê¸»úÎó¤â½ÐÎϤ¹¤ë¡£ 
.PP
.\"O .B Cleaning Up
.B ¸å»ÏËö
.br
.\"O To free up the Netlink socket and destroy resources associated with
.\"O the context handle, call
.\"O .BR ipq_destroy_handle (3).
Netlink ¥½¥±¥Ã¥È¤ò²òÊü¤·¡¢¥³¥ó¥Æ¥­¥¹¥È¥Ï¥ó¥É¥ë¤Ë´ØÏ¢ÉÕ¤±
¤é¤ì¤¿¥ê¥½¡¼¥¹¤òºï½ü¤¹¤ë¤Ë¤Ï¡¢
.BR ipq_destroy_handle (3)
´Ø¿ô¤ò»ÈÍѤ¹¤ë¡£ 
.\"O .SH SUMMARY
.SH ¤Þ¤È¤á
.TP 4
.BR ipq_create_handle (3)
.\"O Initialise library, return context handle.
¤Ï¡¢¥é¥¤¥Ö¥é¥ê¤ò½é´ü²½¤·¡¢¥³¥ó¥Æ¥­¥¹¥È¥Ï¥ó¥É¥ë¤òÊÖ¤¹¡£
.TP
.BR ipq_set_mode (3)
.\"O Set the queue mode, to copy either packet metadata, or payloads
.\"O as well as metadata to userspace.
¤Ï¡¢¥Ñ¥±¥Ã¥È¤Î¥á¥¿¥Ç¡¼¥¿¤À¤±¤ò¥³¥Ô¡¼¤¹¤ë¤«¡¢¥Ú¥¤¥í¡¼¥É¤â
¥³¥Ô¡¼¤¹¤ë¤«¤ÎÆ°ºî¥â¡¼¥É¤ò¥»¥Ã¥È¤¹¤ë¡£
.TP
.BR ipq_read (3)
.\"O Wait for a queue message to arrive from ip_queue and read it into
.\"O a buffer.
ip_queue ¤«¤é¤Î¥á¥Ã¥»¡¼¥¸¤òÂÔ¤Á¡¢¼õ¿®¤¹¤ë¤È¥Ð¥Ã¥Õ¥¡¤Ë
Æɤ߹þ¤à¡£
.TP
.BR ipq_message_type (3)
.\"O Determine message type in the buffer.
¤Ï¡¢¥Ð¥Ã¥Õ¥¡¤µ¤ì¤¿¥á¥Ã¥»¡¼¥¸¤Î¥¿¥¤¥×¤òÊÖ¤¹¡£
.TP
.BR ipq_get_packet (3)
.\"O Retrieve a packet message from the buffer.
¤Ï¡¢¥Ð¥Ã¥Õ¥¡¤«¤é¥á¥Ã¥»¡¼¥¸¤òÆɤࡣ
.TP
.BR ipq_get_msgerr (3)
.\"O Retrieve an error message from the buffer.
¤Ï¡¢¥Ð¥Ã¥Õ¥¡¤«¤é¥¨¥é¡¼¥á¥Ã¥»¡¼¥¸¤ò¼èÆÀ¤¹¤ë¡£
.TP
.BR ipq_set_verdict (3)
.\"O Set a verdict on a packet, optionally replacing its contents.
¤Ï¡¢¥Ñ¥±¥Ã¥È¤ÎȽÃǤò²¼¤¹¡£ÆâÍƤò½ñ¤­´¹¤¨¤ë¤³¤È¤â¤Ç¤­¤ë¡£
.TP
.BR ipq_errstr (3)
.\"O Return an error message corresponding to the internal ipq_errno variable.
¤Ï¡¢ÆâÉôÊÑ¿ô ipq_errno ¤ÎÃͤ˱þ¤¸¤¿¥¨¥é¡¼¥á¥Ã¥»¡¼¥¸¤ò
ÊÖ¤¹¡£
.TP
.BR ipq_perror (3)
.\"O Helper function to print error messages to stderr.
¤Ï¡¢¥¨¥é¡¼¥á¥Ã¥»¡¼¥¸¤òɸ½à½ÐÎÏ¡Êstderr¡Ë¤Ëɽ¼¨¤¹¤ë
¥Ø¥ë¥Ñ¡¼´Ø¿ô¤Ç¤¢¤ë¡£
.TP
.BR ipq_destroy_handle (3)
.\"O Destroy context handle and associated resources.
¤Ï¡¢¥³¥ó¥Æ¥­¥¹¥È¥Ï¥ó¥É¥ë¤òÇË´þ¤·¡¢¥ê¥½¡¼¥¹¤ò²òÊü¤¹¤ë¡£
.\"O .SH EXAMPLE
.SH Îã
.\"O The following is an example of a simple application which receives
.\"O packets and issues NF_ACCEPT verdicts on each packet.
¼¡¤Î¥³¡¼¥É¤Ï¡¢¥Ñ¥±¥Ã¥È¤ò¼õ¤±¼è¤Ã¤Æ NF_ACCEPT ¤ÎȽÃǤòÊÖ¤¹Ã±½ã¤Ê
¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤ÎÎã¤Ç¤¢¤ë¡£ 
.RS
.nf
/*
 * This code is GPL.
 */
#include <linux/netfilter.h>
#include <libipq.h>
#include <stdio.h>

#define BUFSIZE 2048 

static void die(struct ipq_handle *h)
{
        ipq_perror("passer");
        ipq_destroy_handle(h);
        exit(1);
}

int main(int argc, char **argv)
{
        int status;
        unsigned char buf[BUFSIZE];
        struct ipq_handle *h;
        
        h = ipq_create_handle(0);
        if (!h)
                die(h);
                
        status = ipq_set_mode(h, IPQ_COPY_PACKET, BUFSIZE);
        if (status < 0)
                die(h);
                
        do{
                status = ipq_read(h, buf, BUFSIZE, 0);
                if (status < 0)
                        die(h);
                        
                switch (ipq_message_type(buf)) {
                        case NLMSG_ERROR:
                                fprintf(stderr, "Received error message %d\\n",
                                        ipq_get_msgerr(buf));
                                break;
                                
                        case IPQM_PACKET: {
                                ipq_packet_msg_t *m = ipq_get_packet(buf);
                                
                                status = ipq_set_verdict(h, m->packet_id,
                                                         NF_ACCEPT, 0, NULL);
                                if (status < 0)
                                        die(h);
                                break;
                        }
                        
                        default:
                                fprintf(stderr, "Unknown message type!\\n");
                                break;
                }
        } while (1);
        
        ipq_destroy_handle(h);
        return 0;
}
.RE
.fi
.PP
.\"O Pointers to more libipq application examples may be found in The
.\"O Netfilter FAQ.
libipq ¤ò»È¤Ã¤¿¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤ÎÎã¤Ï
Netfilter FAQ ¤Ë¤â¤¢¤ë¡£ 
.\"O .SH DIAGNOSTICS
.SH DIAGNOSTICS
.\"O For information about monitoring and tuning ip_queue, refer to the
.\"O Linux 2.4 Packet Filtering HOWTO.
ip_queue ¤Î´Æ»ë¤È¥Á¥å¡¼¥Ë¥ó¥°¤Ë´Ø¤·¤Æ¤Ï Linux 2.4 Packet
Filtering HOWTO ¤ò»²¾È¤¹¤ë¤³¤È¡£ 
.PP
.\"O If an application modifies a packet, it needs to also update any
.\"O checksums for the packet.  Typically, the kernel will silently discard
.\"O modified packets with invalid checksums. 
¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤¬¥Ñ¥±¥Ã¥È¤ËÊѹ¹¤ò²Ã¤¨¤¿»þ¤Ë¤Ï¡¢´ØÏ¢¤¹¤ë
¥Á¥§¥Ã¥¯¥µ¥à¤âÊѹ¹¤¹¤ëɬÍפ¬¤¢¤ë¡£ Êѹ¹¤µ¤ì¤¿¥Ñ¥±¥Ã¥È¤Î
¥Á¥§¥Ã¥¯¥µ¥à¤¬°Û¾ï¤Ê¤È¤­¤Ë¤Ï¥«¡¼¥Í¥ë¤ÏÌۤäÆÇË´þ (silently discard) ¤¹¤ë¡£ 
.\"O .SH SECURITY
.SH ¥»¥­¥å¥ê¥Æ¥£¡¼
.\"O Processes require CAP_NET_ADMIN capabilty to access the kernel ip_queue
.\"O module.  Such processes can potentially access and modify any IP packets
.\"O received, generated or forwarded by the kernel.
ip_queue ¥«¡¼¥Í¥ë¥â¥¸¥å¡¼¥ë¤Ë¥¢¥¯¥»¥¹¤¹¤ë¥×¥í¥»¥¹¤Ï
CAP_NET_ADMIN ¸¢¸Â¤¬É¬ÍפǤ¢¤ë¡£ ¤½¤Î¤è¤¦¤Ê¥×¥í¥»¥¹¤Ï¡¢
ÀøºßŪ¤Ë¥«¡¼¥Í¥ë¤¬¼õ¿® (Á÷¿®¡¢Å¾Á÷) ¤¹¤ëÁ´¤Æ¤Î IP ¥Ñ¥±¥Ã¥È¤ò
¼èÆÀ¤·Êѹ¹¤¹¤ë²ÄǽÀ­¤¬¤¢¤ë¡£ 
.\"O .SH TODO
.SH TODO
.\"O Per-handle
.\"O .B ipq_errno
.\"O values.
.B ipq_errno
¤ò¥Ï¥ó¥É¥ë¤´¤È¤ËÍÑ°Õ¤¹¤ë¡£ 
.\"O .SH BUGS
.SH ¥Ð¥°
.\"O Probably.
¤¢¤ë¤«¤â¤·¤ì¤Ê¤¤¡£ 
.\"O .SH AUTHOR
.SH Ãø¼Ô
James Morris <jmorris@intercode.com.au>
.\"O .SH COPYRIGHT
.SH Ãøºî¸¢
Copyright (c) 2000-2001 Netfilter Core Team.
.PP
Distributed under the GNU General Public License.
.SH CREDITS
.\"O Joost Remijn implemented the
.\"O .B ipq_read
.\"O timeout feature, which appeared in the 1.2.4 release of iptables.
Joost Remijn ¤Ï
.B ipq_read
¤Î¥¿¥¤¥à¥¢¥¦¥È¤ò¼ÂÁõ¤·¤¿¡£ ¤³¤Îµ¡Ç½¤Ï iptables ¤Î 1.2.4 ¤«¤é»ÈÍѤǤ­¤ë¡£ 
.\"O .SH SEE ALSO
.SH ´ØÏ¢¹àÌÜ
.BR iptables (8),
.BR ipq_create_handle (3),
.BR ipq_destroy_handle (3),
.BR ipq_errstr (3),
.BR ipq_get_msgerr (3),
.BR ipq_get_packet (3),
.BR ipq_message_type (3),
.BR ipq_perror (3),
.BR ipq_read (3),
.BR ipq_set_mode (3),
.BR ipq_set_verdict (3).
.PP
.\"O The Netfilter home page at http://netfilter.samba.org/
.\"O which has links to The Networking Concepts HOWTO, The Linux 2.4 Packet
.\"O Filtering HOWTO, The Linux 2.4 NAT HOWTO, The Netfilter Hacking HOWTO,
.\"O The Netfilter FAQ and many other useful resources.
Netfilter ¤Î¥Û¡¼¥à¥Ú¡¼¥¸¤Ï http://netfilter.samba.org/ ¤Ë¤¢¤ë¡£
The Networking Concepts HOWTO, The Linux 2.4 Packet
Filtering HOWTO, The Linux 2.4 NAT HOWTO, The Netfilter Hacking HOWTO,
The Netfilter FAQ ¤Ê¤É¤ÎÍ­±×¤Ê ¾ðÊ󤬤¢¤ë¡£